2024 htb university ctf

54toshi · Dec 17, 2024 · ae55611 · ae55611
1 parent 7cf18ed
commit ae55611
Show file tree

Hide file tree

Showing 3 changed files with 71 additions and 2 deletions.
diff --git a/2024_htb_universityctf/warmup b/2024_htb_universityctf/warmup
diff --git a/2024_htb_universityctf/writeup.md b/2024_htb_universityctf/writeup.md
@@ -0,0 +1,68 @@
+# rev
+
+## warmup
+
+```c
+// PSEUDOCODE -> IDA DECOMPILER
+
+int __fastcall main(int argc, const char **argv, const char **envp)
+{
+  char v4[56]; // [rsp+0h] [rbp-40h] BYREF
+  unsigned __int64 v5; // [rsp+38h] [rbp-8h]
+
+  v5 = __readfsqword(0x28u);
+  printf("Enter the password: ");
+  __isoc99_scanf("%49s", v4);
+  if ( validate_password(v4) )
+    puts("Access granted!");
+  else
+    puts("Access denied!");
+  return 0;
+}
+
+_BOOL8 __fastcall validate_password(const char *a1)
+{
+  char s2[8]; // [rsp+17h] [rbp-49h] BYREF
+  char v3; // [rsp+1Fh] [rbp-41h]
+  char dest[56]; // [rsp+20h] [rbp-40h] BYREF
+  unsigned __int64 v5; // [rsp+58h] [rbp-8h]
+
+  v5 = __readfsqword(0x28u);
+  *(_QWORD *)s2 = 'b_I\x1ESS G';
+  v3 = 0;
+  strcpy(dest, a1);
+  generate_key(dest);
+  return strcmp(dest, s2) == 0;
+}
+
+// keygen
+size_t __fastcall generate_key(const char *input)
+{
+  size_t result; // rax
+  int i; // [rsp+1Ch] [rbp-14h]
+
+  for ( i = 0; ; ++i )
+  {
+    result = strlen(input);
+    if ( i >= result )
+      break;
+    input[i] = (input[i] ^ 0x2A) + 5;
+  }
+  return result;
+}
+```
+
+solution
+
+```py
+solution = bytes.fromhex("625F491E53532047")[::-1]  # [::-1] wegen LE
+
+key = str()
+for i in range(len(solution)):
+    for j in range(128):
+        if solution[i] == (j ^ 0x2A) + 5:
+            key += chr(j)
+print(f"key: {key}")
+```
+
+`echo 'h1dd3npw' | ltrace ./warmup`
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 ## writeups
 
-Writeups for ctfs in which I participate. <br>
+Writeups for [ctfs](https://en.wikipedia.org/wiki/Capture_the_flag_\(cybersecurity\)) in which I participate. <br>
 
 ### CTFs
 
@@ -14,6 +14,7 @@ Writeups for ctfs in which I participate. <br>
 | [openECSC 2024 round 2](https://open.ecsc2024.it/) | 2024-04-22 | solo | 129 | - | 2700 | [writeups](2024_OpenECSC/round2.md) | 
 | [justctf 2024](https://https://2024.justctf.team/) | 2024-06-05 | TeamAustria | 3 | 437 | - | [writeups](2024_justctf/writeup.md) |
 | [uiuctf 2024](https://2024.uiuc.tf/) | 2024-06-29 | TeamAustria | 4 | 959 | - | [writeups](2024_uiuctf/writeup.md) |
+| [HTB University ctf 2024](https://www.hackthebox.com/universities/university-ctf-2024) | 2024-12-15 | - | - | - | - | [writeups](2024_htb_universityctf/writeup.md) |
 
 ### other writeups
 
@@ -22,7 +23,7 @@ hackthebox writeups: [HTB](HTB)
 
 ### Profiles
 
-tryhackme profile: https://tryhackme.com/p/53toshi <br>
+tryhackme profile: https://tryhackme.com/p/54toshi <br>
 hackthebox profile: https://app.hackthebox.com/profile/1743550 <br>
 ctftime: https://ctftime.org/user/179019 <br>
 ctftime P01s0n3d_Fl4g: https://ctftime.org/team/273774 <br>